The evolution of technology and digitization has improved the way we work, communicate, bank, and more, and we rely on it heavily. But this infrastructure is also home to lawbreakers who take advantage of innocent people's behavior and want to break their banks. In internet terms, we call it phishing, and today we talk about how to avoid phishing scams and emails.
Famous Phishing Scam Victim
John Podesta consulted with many American political figures during his career. He was the Deputy Chief of Staff and White House Chief of Staff during Bill Clinton’s Presidency. He was also a counselor to President Barack Obama, and in charge of Hillary Clinton’s POTUS campaign in 2016.
With so much political experience, Podesta knew security was important, right? When Podesta received an email from Google to change his Gmail password he did exactly what he was supposed to do. Podesta forwarded the email to Clinton’s IT team for inspection.
The IT team said he needed to change his email password and gave him the Gmail website link. Somehow, Podesta didn’t use it and instead clicked on the Bit.ly shortened URL in the body of the original email sent to him. Once he changed his password, hackers gained access to thousands of emails. It was the beginning of the Hillary Clinton 2016 presidential campaign scandal.
Yes, this is 2019 and hackers are ever so clever and more creative than ever. Often, it really doesn’t matter how much a person knows about online security if he or she doesn’t make the effort to educate themselves about it on a regular basis. Hackers, scammers, and online criminals of all sorts are so crafty because they constantly learn about online security and search thoroughly for security holes.
Anyone who is aware knows that phishing scams are a crime. They originate from what seems to be a legitimate company asking for sensitive personal information such as passwords, financial information, Social Security number, date of birth, and anything else that confirms a person’s identity. Web pages are designed to look like websites the target victim is familiar with. There are many well-known phishing scams.
Types of Phishing Scams
General phishing scams don’t have a focus. They are mass emails sent to a lot of people in hopes that an unknowing victim really does have an account with a certain bank, or maybe it really is time to renew a driver’s license, and doing it online will save a lot of time. Victims of general phishing crimes are usually victims of chance.
Wi-Fi phishing is a bit impersonal and general too. A man can go to a coffee shop because he wants a Wi-Fi connection, not coffee. If he has never been there previously, he may not be aware of the official Wi-Fi provided. It is possible an employee working, a neighbor, or coffee shop regular, set up Wi-Fi with a name that looks legitimate, specifically to gain access to passwords and sensitive information and data on any computer in the shop. Even on an authentic coffee shop’s Wi-Fi, hackers can gain access to a computer because public Wi-Fi isn’t secure.
Spear phishing is usually an email that appears to come from a person the recipient knows. This kind of phishing is a little more personal. The purpose is to make the poor victim comfortable enough to share whatever information the criminal is seeking. The naïve person unaware of the phishing scam thinks, “Of course, I will email the vice-president the password to access every client’s payment information. I know she will never misuse it.” By the time fraud is revealed, it is already too late.
Clone phishing can be combined with spear-phishing and is just as personal. An email can be cloned to look as if it came from a known sender. The email is almost identical to previous emails sent from that individual to the point it isn’t recognizable unless the recipient carefully looks at the email address. This kind of email always contains an attachment or bad link (like the one that fooled Podesta).
Clone phishing emails are most often from a person who knows the intended target well or did a lot of research to make him or her experience a sense of intimacy and feel safe. With so many phishers in the internet world, it is important to know the latest bait they are using. This is a very simple and important fact that cannot be stressed enough.
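The two tells described above, a sender address that does not match the known contact and a link that hides its real destination, can be checked automatically. The following Python sketch is an added example, not part of the original article; the address book, the shortener list, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: display names mapped to the address we expect.
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}
# Assumed, non-exhaustive list of URL-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def check_message(raw):
    """Return a list of clone-phishing warning signs found in one email."""
    msg = message_from_string(raw)
    findings = []
    # 1. Familiar display name, unfamiliar address (look closely: examp1e).
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"'{name}' sent from {addr}, expected {expected}")
    # 2. Links: shortened URLs, or visible text that names another host.
    for href, text in LINK_RE.findall(msg.get_payload()):
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"destination hidden behind shortener {host}")
        shown = re.search(r"https?://([^/\s<]+)", text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"text shows {shown.group(1)}, link goes to {host}")
    return findings

# Constructed sample: cloned message with a lookalike domain and a short link.
SUSPICIOUS = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Subject: Password reset required\n"
    "Content-Type: text/html\n\n"
    '<p>Reset here: <a href="http://bit.ly/EXAMPLE">'
    "https://accounts.example.com/reset</a></p>\n"
)
# Constructed sample: genuine message from the known address.
CLEAN = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Quarterly report\n"
    "Content-Type: text/html\n\n"
    '<p><a href="https://example.com/report">https://example.com/report</a></p>\n'
)

if __name__ == "__main__":
    for finding in check_message(SUSPICIOUS):
        print("WARNING:", finding)
```
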
Phishing prevention is a must for any individual or company. Education is key. Stay up-to-date about cyber-security and online scams. Companies need to protect valuable information and teach employees what they need to do and look for to ensure safety by educating and testing on a regular basis. It is the only way to teach employees online safety and hold them accountable when there is a problem.
Utilizing a managed security services provider (MSSP) to educate, monitor, and test company personnel helps them learn very quickly. In fact, an MSSP sends phishing emails that will not harm computer systems. The MSSP keeps track of the employees who interacted with the emails and reports them. The reckless can be counseled so they don’t become prey to future scams. In addition, Single Sign-On (SSO) with authentication can be put into place so employees don’t need to enter passwords. Phishing scams will be apparent if a request for a password is made.
Companies can also protect themselves with outbound email scanning and Data Loss Prevention (DLP) tools. Deployments of web filters block questionable sites, and SPAM filters detect viruses while noticing blank senders. A Secure Sockets Layer (SSL) certificate also helps to keep all traffic to and from your website secure. Encryption is always key.
Regardless of using a computer for work or personal use, it is always a wise decision to adhere to the following protocol:
- Think before clicking.
- Install an anti-phishing toolbar. Some are free.
- Always verify the security of websites by double-clicking the lock at the top of the search page where the website is listed.
- Use firewalls and VPNs.
- Be cautious of pop-ups.
- Use anti-virus software. Some are free.
- Check online accounts and change passwords regularly.
- If an email requests sensitive information, contact the person by phone or open a new tab and go to the company website directly.